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CLAIMS 

1 . A system for authenticating an operator, comprising: 

at least one resource and a high-security authentication device, the at least one re- 
source being selectively utilizable by an operator; 

the high-security authentication device being configured to perform an authentication 
operation in connection with a prospective operator and generate a credential for the pro- 
spective operator if it authenticates the prospective operator; and, 

the at least one resource being configured to, in response to the prospective operator 
attempting to utilize the resource, initiate an operator authentication verification opera- 
tion using the credential to attempt to verify the authentication of the operator, and allow 
the prospective operator to utilize the at least one resource in response to the operator 
authentication verification operation. 



2. The system as in claim 1 in which the high-security authentication device further 
comprises: 

a biometric authentication device configured to, during the authentication opera- 
tion, authenticate the prospective operator in connection with at least one physical char- 
acteristic of the prospective operator. 

3. The system as in claim 1 in which the high-security authentication device further 
comprises: 

a computer-readable media reader configured to retrieve information from at least 
one type of computer-readable media and, during the authentication operation, authenti- 
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cate the prospective operator in connection with authentication information contained on 
a computer-readable medium provided thereto by the prospective operator. 

4. The system as in claim 3 wherein the computer-readable medium further comprises: 

a smart card, the smart card having authentication information stored therein, and 
the computer-readable media reader comprises a smart card reader. 

5. The system as in claim 1 wherein the high-security authentication device further com- 
prises: 

means for generating credential information for use in the credential. 

6. The system as in claim 5 wherein the high-security authentication device further com- 
prises: 

means for generating a random number as the credential information. 

7. The system as in claim 5 wherein the high-security authentication device further com- 
prises: 

means for generating a passphrase as the credential information. 

8. The system as in claim 5 wherein the high-security authentication device further com- 
prises: 

means for generating a personal identification number (PIN) as the credential in- 
formation. 

9. The system as in claim 5 wherein which the high-security authentication device fur- 
ther comprises: 

means for generating a public key/private key pair as the credential information. 
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10. The system as in claim 5 wherein the high-security authentication device further 
comprises: 

means for generating a ticket-granting ticket as the credential information. 

11. The system as in claim 1 wherein the high-security authentication device further 
comprises: 

means for inferring the credential from data supplied by the operator. 

12. The system as in claim 1 wherein the high-security authentication device further 
comprises: 

an operator input device configured to receive credential information input thereto 
by the prospective operator, the high-security authentication device being configured to 
use the credential information input by the prospective operator in connection with gen- 
eration of the credential. 

13. The system as in claim 1 wherein the high-security authentication device further 
comprises: 

a media reader configured to retrieve certificate information from a machine- 
readable medium, the high-security authentication device being configured to use the 
credential information retrieved from the machine-readable medium in connection with 
generation of the credential. 

14. The system as in claim 1 wherein the high-security authentication device further 
comprises: 

means for providing the credential to the prospective operator over a communica- 
tion link. 

15. The system as in claim 1 wherein the high-security authentication device further 
comprises: 
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means for providing the credential to the at least one resource over a communica- 
tion link. 

16. The system as in claim 1 wherein the high-security authentication device further 
comprises: 

means for providing the credential to a centralized account management facility. 

17. The system as in claim 1 wherein the centralized account management facility fur- 
ther comprises: 

means for providing the credential to the at least one resource. 

18. The system as in claim 1 further comprising: 

means for the at least one resource to receive the credential, the at least one re- 
source being further configured to, when the prospective operator wishes to utilize the at 
least one resource, perform the operator authentication verification operation in connec- 
tion with the credential as received to determine whether the credential received corre- 
sponds to the credential as provided by the prospective operator. 

19. The system as in claim 1 further comprising: 

means for the at least one resource to receive the credential from the prospective 
operator, when the prospective operator wishes to utilize the at least one resource, and 
transfer the credential to another device, the other device being configured to determine 
whether the credential as generated by the high-security authentication device corre- 
sponds to the credential as provided by the prospective operator, the other device being 
further configured to notify the at least one resource of the determination. 

20. The system as in claim 18 in which the high-security authentication device com- 
prises: the other device. 
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21. The system as in claim 1 wherein the high-security authentication device further 
comprises: 

means for performing an authentication operation in connection with the identity 
of the prospective operator. 

22. The system as in claim 1 wherein the high-security authentication device further 
comprises: 

means for performing an authentication operation in connection with at least one 
personal characteristic of the prospective operator other than identity. 

23. The system as defined in claim 21 in which the at least one personal characteristic 
further comprises: 

at least one of sobriety, blood pressure, weight, radiation emission, and credit 
worthiness. 

24. The system as in claim 1, wherein the credential further comprises: a short term cre- 
dential. 

25. A method of authenticating an operator, comprising: 

operating a system having at least one resource and a high-security authentication device, 
the at least one resource being selectively utilizable by an operator, the method compris- 
ing the steps of: 

performing, using a high-security authentication device, an authentication opera- 
tion in connection with a prospective operator and generating a credential for the pro- 
spective operator if it authenticates the prospective operator; and, 

24 

\\CHEETAHW0L1\CLIENTS\1 12\047\0050\Prosecut\edited dec 7 PATAPP.doc 12/07/01 2:35 PM 



PATENT 
112047-0050 

in response to the prospective operator attempting to utilize the resource, initiating 
an operator authentication verification operation using the credential to attempt to verify 
the authentication of the operator, and conditioning utilization of the resource by the pro- 
spective operator in response to the operator authentication verification operation. 

26. The method as in claim 24 further comprising: 

authenticating the prospective operator in connection with at least one physical 
characteristic of the prospective operator by a biometric authentication device. 

27. The method as in claim 24 further comprising: 

retrieving information from a com puter-readable media provided by the prospec- 
tive operator, and during the authentication operation, authenticating the prospective op- 
erator in connection with authentication information contained on the computer-readable 
medium. 

28. The method as in claim 26 further comprising: 

using as the computer readable media a smart card, the smart card having authen- 
tication information stored therein. 

29. The method as in claim 24 further comprising: 

generating credential information by the high-security authentication device for 
use in the credential. 

30. The method as in claim 24 further comprising: 

generating a random number as the credential information. 

3 1 . The method as in claim 24 further comprising: 

generating a passphrase as the credential information. 
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32. The method as in claim 24 further comprising: 

generating a personal identification number (PIN) as the credential information. 

33. The method as in claim 24 further comprising: 

inferring the credential from data supplied by the operator. 

34. The method as in claim 24 further comprising: 

generating a public key/private key pair as the credential information. 

35. The method as in claim 24 further comprising: 

generating a ticket-granting ticket as the credential information. 

36. The method as in claim 24 further comprising: 

receiving credential information input into an operator input device by the pro- 
spective operator. 

37. The method as in claim 24 further comprising: 

retrieving certificate information from a machine-readable medium. 

38. The method as in claim 24 further comprising: 

providing the credential to the prospective operator and to the at least one re- 
source over a communication link. 

39. The method as in claim 24 further comprising: 

providing the credential to a centralized account management facility. 

40. The method as in claim 38 further comprising: 
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providing, by the centralized account management facility, the credential to the at 
least one resource. 

41 . The method as in claim 1 further comprising: 

receiving the credential by the at least one resource; and, 

configuring the at least one resource to perform the operator authentication verifi- 
cation operation in connection with the credential as received, to determine whether the 
credential received corresponds to the credential as provided by the prospective operator. 

42. The method as in claim 24 further comprising: 

receiving the credential from the prospective operator by the at least one resource, 
when the prospective operator wishes to utilize the at least one resource, and transferring 
the credential to another device, the other device being configured to determine whether 
the credential as generated by the high-sec urity authentication device corresponds to the 
credential as provided by the prospective operator, the other device being further config- 
ured to notify the at least one resource of the determination. 

43. The method as in claim 41 further comprising: 

using the high-security authentication device as the other device. 

44. The method as in claim 24 further comprising: 

performing an authentication operation in connection with the identity of the pro- 
spective operator. 

45. The method as in claim 24 further comprising: 

performing an authentication operation in connection with at least one personal 
characteristic of the prospective operator other than identity. 
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46. The method as in claim 44 further comprising: 

using as the at least one personal characteristic at least one of sobriety, blood 
pressure, weight, radiation emission, and credit worthiness. 

47. The method as in claim 24 further comprising: using as the credential a short term 
credential. 

48. A computer readable media comprising: 

the computer readable media having information written thereon, the information 
having instructions for execution in a computer for the practice of the method of claim 
24. 

49. Electromagnetic signals propagating on a computer network comprising: 

said electromagnetic signals carrying infoimation, the information having instructions for 
execution in a computer for the practice of the method of claim 24. 
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